Spy! - [SOLVED]

Started by
7 comments, last by bakery2k1 18 years ago
How would you access another program's memory (stack & heap)? That is, from within another program. I'm not talking about things like SoftICE, I mean, what would I do if I wanted to make my own program similar to SoftICE? C++/Assembly preferably, since I work with those every day. [Edited by - geekalert on March 28, 2006 9:44:07 AM]
A JPEG is worth a thousand and twenty four DWORD's. ;)
Note: Due to vacationing my website will not be updated till late-August. Of course I still have internet, but who wants to program during a vacation?
What platform are you developing on?

Regardless, you want to look into IPC (Inter-Process Communication) for the given system you're working with. If you're working on Windows, and I have a feeling you are, this page should help you get started:

http://www.codeproject.com/threads/

But it's pretty tricky stuff. I spent 3 months last summer at my company developing a test suite under W2K that works through IPC, and it was a pretty big challenge. If you're working under Windows, by the way, I recommend you look into COM development; I've found that a component-based approach can be an elegant solution to an IPC problem.

-Rob
Well, having never tried it, I'm not sure, but I believe it would involve writing a kernel-level app, as user-level apps won't have access to another process's memory space.

And then it's just a matter of figuring out where in that process's memory space the application code begins and go from there.
A simpler method is to use something like DLL injection (where you can spawn your own application).

Then you can access the memory directly from a newly created thread in your DLL.

// Basic example
// Some structure you have mapped out
// in the target application may look something like
// related to x game...
/* 00400370: 0a 00 00 00 ff 00 00 00 b8 0b 00 00 ...... */
#include <windows.h>

#define MEM__CHARINFO 0x400370

typedef struct _CHARINFO
{
    int x;       // 10
    int y;       // 255
    int power;   // 3000
} CHARINFO, *PCHARINFO;

// ... Inject DLL into target game, create a new thread
// ... ThreadProc ->
// Here we can just refer to the memory directly.
// You can change access rights to some special locations of memory
// with the Windows APIs such as VirtualProtect etc. (if required)...
DWORD WINAPI ThreadProc(LPVOID lpParams)
{
    // ...
    // You can access the memory that you have mapped out to the struct now
    PCHARINFO example = (PCHARINFO)MEM__CHARINFO;

    // Modify power
    example->power = 2000;
    return 0;
}

// Entry point of the injected DLL: start the thread once the DLL is loaded
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpReserved)
{
    if (fdwReason == DLL_PROCESS_ATTACH)
    {
        HANDLE hThread;
        DisableThreadLibraryCalls(hinstDLL);
        hThread = CreateThread(NULL, 0, ThreadProc, NULL, 0, NULL);
        if (hThread)
            CloseHandle(hThread);   // the thread keeps running; we just drop our handle
    }
    return TRUE;
}


This might get you thinking: you can access memory the same way, but you need to reverse engineer the application to know where certain memory begins, using API calls.

Also check out "Microsoft Detours"; it is truly powerful.
Quote:Original post by geekalert
How would you access another program's memory (stack & heap)?


Assuming Windows, I don't think there's any need for kernel-mode drivers etc. What's wrong with ReadProcessMemory?

It's slow and restrictive for a larger project.

You have a lot more power and can organise / optimise a project much easier with other methods.
Quote:Original post by bakery2k1
Quote:Original post by geekalert
How would you access another program's memory (stack & heap)?


Assuming Windows, I don't think there's any need for kernel-mode drivers etc. What's wrong with ReadProcessMemory?


Is there something called WriteProcessMemory... hmm?

-edit: Yes, there is (stupid me). I guess I'll try out all of your suggestions. Thanks for all the replies!
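Added example (not code from any of the posts above): the ReadProcessMemory / WriteProcessMemory route that bakery2k1 and geekalert settle on, done from Python through ctypes so it can be tried against a running process without building a DLL. It reuses the CHARINFO layout, the address 0x400370 and the dump bytes quoted in the DLL-injection post as its sample data (the dump bytes are embedded as a constructed sample, and the address is assumed, for illustration only). The Win32 calls run only on Windows and need a target PID on the command line; the struct parsing and patching helpers run anywhere.

```python
"""Read and patch a struct in another process with ReadProcessMemory and
WriteProcessMemory (Win32, via ctypes).

Added example, not from the thread. The CHARINFO layout, the address
0x400370 and the sample bytes come from the DLL-injection post above and are
assumed for illustration; a real target needs its own reverse-engineered
offsets."""
import ctypes
import struct
import sys

# CHARINFO { int x; int y; int power; } -> three little-endian 32-bit ints
CHARINFO_FMT = "<iii"
CHARINFO_SIZE = struct.calcsize(CHARINFO_FMT)   # 12 bytes
MEM_CHARINFO = 0x400370                        # address quoted in the thread (assumed)

# Constructed sample: the dump line quoted in the thread,
# "00400370: 0a 00 00 00 ff 00 00 00 b8 0b 00 00"
SAMPLE_CHARINFO = bytes.fromhex("0a000000" "ff000000" "b80b0000")

# OpenProcess access rights (winnt.h)
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_READ = 0x0010
PROCESS_VM_WRITE = 0x0020


def parse_charinfo(raw: bytes) -> dict:
    """Decode the bytes of one CHARINFO into a dict; reject short reads."""
    if len(raw) < CHARINFO_SIZE:
        raise ValueError("short read: %d bytes, need %d" % (len(raw), CHARINFO_SIZE))
    x, y, power = struct.unpack_from(CHARINFO_FMT, raw)
    return {"x": x, "y": y, "power": power}


def patch_power(raw: bytes, new_power: int) -> bytes:
    """Return a copy of the struct bytes with only the power field changed."""
    x, y, _ = struct.unpack_from(CHARINFO_FMT, raw)
    return struct.pack(CHARINFO_FMT, x, y, new_power)


def _kernel32():
    """Load kernel32 with argtypes set so pointers survive on 64-bit Python."""
    if sys.platform != "win32":
        raise RuntimeError("ReadProcessMemory/WriteProcessMemory need Windows")
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    HANDLE, SIZE_T = ctypes.c_void_p, ctypes.c_size_t
    k32.OpenProcess.argtypes = [ctypes.c_uint32, ctypes.c_int, ctypes.c_uint32]
    k32.OpenProcess.restype = HANDLE
    k32.ReadProcessMemory.argtypes = [HANDLE, ctypes.c_void_p, ctypes.c_void_p,
                                      SIZE_T, ctypes.POINTER(SIZE_T)]
    k32.WriteProcessMemory.argtypes = k32.ReadProcessMemory.argtypes
    k32.CloseHandle.argtypes = [HANDLE]
    return k32


def read_remote(pid: int, address: int, size: int) -> bytes:
    """ReadProcessMemory wrapper: returns the bytes actually read."""
    k32 = _kernel32()
    h = k32.OpenProcess(PROCESS_VM_READ, False, pid)
    if not h:
        raise ctypes.WinError(ctypes.get_last_error())
    try:
        buf = ctypes.create_string_buffer(size)
        got = ctypes.c_size_t(0)
        if not k32.ReadProcessMemory(h, address, buf, size, ctypes.byref(got)):
            raise ctypes.WinError(ctypes.get_last_error())
        return buf.raw[:got.value]
    finally:
        k32.CloseHandle(h)


def write_remote(pid: int, address: int, data: bytes) -> int:
    """WriteProcessMemory wrapper: returns the number of bytes written."""
    k32 = _kernel32()
    # PROCESS_VM_OPERATION is required alongside PROCESS_VM_WRITE for writes
    h = k32.OpenProcess(PROCESS_VM_WRITE | PROCESS_VM_OPERATION, False, pid)
    if not h:
        raise ctypes.WinError(ctypes.get_last_error())
    try:
        buf = ctypes.create_string_buffer(data, len(data))
        done = ctypes.c_size_t(0)
        if not k32.WriteProcessMemory(h, address, buf, len(data), ctypes.byref(done)):
            raise ctypes.WinError(ctypes.get_last_error())
        return done.value
    finally:
        k32.CloseHandle(h)


if __name__ == "__main__":
    # Usage (Windows only): python spy.py <pid>
    pid = int(sys.argv[1])
    raw = read_remote(pid, MEM_CHARINFO, CHARINFO_SIZE)
    print("before:", parse_charinfo(raw))
    write_remote(pid, MEM_CHARINFO, patch_power(raw, 2000))
    print("after: ", parse_charinfo(read_remote(pid, MEM_CHARINFO, CHARINFO_SIZE)))
```

Two things worth checking before blaming the API: OpenProcess fails (ERROR_ACCESS_DENIED) when the caller lacks rights on the target, for example when the target runs elevated and the reader does not, and WriteProcessMemory fails if the page is not writable, which is where VirtualProtectEx (the cross-process counterpart of the VirtualProtect mentioned in the DLL post) comes in. Bit-width matters too: the argtypes above keep the address as a full pointer, so the same script works from 64-bit Python against a 64-bit target; the 0x400370 address is simply a 32-bit example from the thread.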
Quote:Original post by bakery2k1
Assuming Windows, I don't think there's any need for kernel-mode drivers etc.

Ah, I was thinking he also wanted to look at the process's executable in memory as well.
Quote:Original post by pragma Fury
Quote:Original post by bakery2k1
Assuming Windows, I don't think there's any need for kernel-mode drivers etc.

Ah, I was thinking he also wanted to look at the process's executable in memory as well.


Can't ReadProcessMemory do that?
